CLAIMS 

What is claimed is: 

1 . A method comprising: 

generating a formal license for content that includes: 

a decryption key for decrypting the content; and 
access rules for accessing the content; and 
configuring a plurality of license authorities to provide a plurality of partial 
licenses, wherein: 

each said license authority provides a respective said partial license; and 
the plurality of partial licenses are combinable to form the formal license. 



2. A method as described in claim 1, wherein the plurality of partial licenses 
are provided according to a (k, m) threshold secret sharing scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any k-\ or fewer said partial licenses may not be utilized 
to form information included in the formal license. 



3. A method as described in claim 1, wherein the configuring includes: 
generating a pre-license fi"om the formal license by encrypting the formal license; 
dividing an encryption key into a plurality of partial secret shares, wherein the 
encryption key is for decrypting the pre-license; and 

transmitting the pre-license and a respective said partial secret share to each said 
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license authority such that each said license authority is configured to generate the 
respective said partial license from the respective said partial secret share and the pre- 
license, 

4. A method as described in claim 3, wherein each said license authority 
verifies the pre-license and the respective said partial secret share by utilizing a verifiable 
secret sharing (VSS) scheme. 

5. A method as described in claim 1, wherein the configuring includes: 
generating a pre-license from the formal license by encrypting the formal license 

utilizing an asymmetric encryption algorithm having a public key and a private key, 
wherein the formal license, the pre-license and the public key are denoted, respectively, 
as ''Hcense'\ ''preF and "P^' as follows: 

prel = (license/^; 

dividing the private key SK into m partial secret shares according to a (k, m) 
threshold secret sharing scheme by: 

generating a sharing polynomial ffx) over any finite field Z, where a© = 
SK, the sharing polynomial being represented as follows: 
f(x) -Qo-^ ajx + ...+ ak-j x^'^ ; and 
calculating each said partial secret share, denoted as Si, for a respective 
said license authority, denoted by /J,-, in which z = 1, . . /w, as follows: 

Si=f(idi); and 

transmitting the pre-license and a respective said partial secret share to a 
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respective said license authority, wherein each said license authority is configured to 
generate the respective said partial license fi'om the respective said partial secret share 
and the pre-license. 

6. A method as described in claim 5, wherein each said license authority 
verifies the pre-license and the respective said partial secret share by utilizing a verifiable 
secret sharing (VSS) scheme in which k public witnesses of the sharing polynomial's f(x) 

coefficients (denoted asiS^ /, where g€Z ) are conmiunicated to each said 

license authority idi to verify validity of a respective said partial secret share Si by 
determining if the following equation holds: 

7. A method as described in claim 1, fiirther comprising packaging the 
content to include one or more network addresses that are suitable for locating each said 
license authority. 

8. A method as described in claim 1, wherein each said license authority is 
communicatively coupled to a peer-to-peer network. 

9. A method as described in claim 1, wherein the plurality of license 

authorities are configured based on a consideration such that at least one said license 

authority provides two or more said partial licenses, wherein the consideration is selected 
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from the group consisting of: 

security of the at least one said license authority against unauthorized access; 

load sharing of the plurality of license authorities; 

availability of each said license authority; 

network availability of each said license authority; 

hardware resources of each said license authority; 

software resources of each said license authority; and 

any combination thereof. 

10. A method as described in claim 1, wherein the configuring includes 
transmitting the pliu-ality of partial licenses to the plurality of license authorities such that 
each said license authority stores the respective said partial license. 

11. One or more computer-readable media comprising computer-executable 
instructions that, when executed, perform the method as recited in claim 1. 

12. A computer-readable medium comprising computer executable 
instructions that, when executed by a computer, direct the computer to: 

configure a plurality of license authorities to provide a plurality of partial licenses, 
wherein: 

each said license authority provides a respective said partial license; 
each said license authority has a network address; 

the plurality of partial license are combinable to form a formal license; and 
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the formal license provides access to content; and 
package the content to include one or more network addresses that are suitable for 
locating each said license authority. 

13. A computer-readable medium as described in claim 12, wherein the one or 
more network addresses include one or more proxy addresses for locating a network 
address of each said license authority. 

14. A computer-readable medium as described in claim 12, wherein the one or 
more network addresses include a network address of each said license authority. 

15. A computer-readable medium as described in claim 12, wherein the 
plurality of license authorities are configured to provide the plurality of partial licenses 
according to a (A:, m) threshold secret sharing scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any k - I or fewer said partial licenses may not be utilized 
to form information included in the formal license. 

16. A computer-readable medium as described in claim 12, wherein the 
computer executable instructions when executed by the computer direct the computer to 
configure a plurality of license authorities by: 

generating a pre-license from the formal license by encrypting the formal license; 
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dividing an encryption key into a plurality of partial secret shares, wherein the 
encryption key is for decrypting the pre-license; and 

transmitting the pre-license and a respective said partial secret share to each said 
license authority such that each said license authority is configured to generate the 
respective said partial license from the respective said partial secret share and the pre- 
license. 

17. A computer-readable medium as described in claim 16, wherein each said 
license authority verifies the pre-license and the respective said partial secret share by 
utilizing a verifiable secret sharing (VSS) scheme. 

18. A computer-readable medium as described in claim 12, wherein the 
computer executable instructions, when executed by the computer, direct the computer to 
configure the plurality of license authorities by transmitting the plurality of partial 
licenses to the plurality of license authorities such that each said license authority stores 
the respective said partial license. 

19. A computer-readable medium comprising computer executable 
instructions that, when executed by a computer, direct the computer to: 

encrypt content; 

generate a formal license for the encrypted content that includes access rules and 
a decryption key for decrypting the encrypted content; 

encrypt the formal license to generate a pre-license; 

38 MS1-1753US 



divide an encryption key suitable for decrypting the pre-license into a plurality of 
partial secret shares; 

upload the pre-license and the plurality of partial secret shares to a plurality of 
license authorities such that each said license authority receives a respective said partial 
secret share and the pre-license; 

package the encrypted content to include one or more network addresses that are 
suitable for locating each said license authority; and 

distribute the packaged content. 

20. A computer-readable medium as described in claim 19, wherein the 
plurality of license authorities are configured to provide the plurality of partial licenses 
according to a (k, m) threshold secret sharing scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any A: - 1 or fewer said partial licenses may not be utilized 
to form information included in the formal license. 

21. A computer-readable medium as described in claim 19, wherein each said 
license authority verifies the pre-license and the respective said partial secret share by 
utilizing a verifiable secret sharing (VSS) scheme. 

22. A method comprising: 

obtaining a plurality of partial licenses over a network from a plurality of license 
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authorities, wherein each said partial hcense is provided, respectively, by a different said 
license authority; and 

forming a formal license from the plurality of partial licenses, wherein the formal 
license includes access rules and a decryption key for accessing content. 

23. A method as described in claim 22, wherein the obtaining includes: 
examining the content to find a plurality of network addresses of a plurality of 

license authorities; 

requesting the plurality of partial licenses from the plurality of license authorities; 

and 

receiving one or more communications having one or more said partial licenses 
that are provided by each said license authority. 

24. A method as described in claim 22, wherein the forming includes 
combining the plurality of partial licenses to form the formal license. 

25. A method as described in claim 22, wherein the plurality of partial 
licenses are provided according to a (k, m) threshold secret sharing scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any k-\ or fewer said partial licenses may not be utilized 
to form information included in the formal license. 
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26. A method as described in claim 25, further comprising determining if k 
correct partial licenses have been received. 

27. A method as described in claim 22, wherein: 

the plurality of partial licenses are obtained from the plurality of license 
authorities over a finite field Z by: 

calculating the partial license preU by each said license authority iV/, from a 
partial secret share Si and a pre-license prel according to the following equation: 

prel^:=^{prelY^\ 

generating a random number u to calculate ^4; = g", ^4^ = pret*, r-u-c^ 

Siy and 

c = hash ig^' ,preli,A^,A2) . 

communicating the partial license pre/,, Aj, Ai^ and r by each said license 
authority; and 

the formal license is formed from the plurality of partial licenses by: 

determining if k correct partial licenses have been received by validating 
each said partial license preU by: 
calculating 

from public witnesses of a sharing polynomial's coefficients, which are 

denoted as that was utilized to generate the partial secret 

share 5„ where g e Z , 
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applying c = hash (g^' , prel. Miy^i) to calculate c; and 

checking if g*^ (g^' y = and prel' {prel^Y = hold for each 

said partial license preU^ and if so, each said partial license preU is valid; 
and 

combining the plurality of partial licenses to form the formal license, 
denoted as license, when k valid said partial licenses are obtained, in which: 

license=[ [(pre^) ' ={prel) ' 
I 

SK ///■ ^^aP^\SK 



where/^(x)= [[ - — rf- 
jX%iid,-idj 



28. One or more computer-readable media comprising computer-executable 
instructions that, when executed, perform the method as recited in claim 22. 



29. A computer-readable medium comprising computer executable 
instructions that, when executed by a computer, direct the computer to: 

examine packaged content to find a plurality of network addresses of a pluraHty 
of license authorities; 

request a plurality of partial licenses from the plurality of license authorities; 

receive the plurality of partial licenses from the plurality of license authorities, 
wherein each said license authority provides at least one said partial license; 

combine the plurality of partial licenses to form a formal license, wherein the 
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formal license includes access rules and a decryption key for decrypting the packaged 
content; and 

output the content by decrypting the packaged content utilizing the encryption key 
and checking the access rules of the formal license. 

30. A computer-readable medium as described in claim 29, wherein the 
plurality of partial licenses are provided according to a (k, m) threshold secret sharing 
scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any ^ - 1 or fewer said partial licenses may not be utilized 
to form information included in the formal Hcense. 

31. A method comprising: 

configuring a plurality of license authorities in a first arrangement to provide a 
plurality of partial licenses, wherein: 

each said license authority provides at least one said partial license; and 
the plurality of partial licenses are combinable to form a formal license 

that includes access rules and a decryption key for content; and 

updating the first arrangement to form a second arrangement such that: 

each said license authority in the second arrangement provides at least one 

of a plurality of updated partial licenses that are combinable to form the formal 

license; and 
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the partial licenses provided in the first arrangement are not combinable 
with the updated partial licenses to form the formal license. 

32. A method as described in claim 31, wherein the updating is performed 
periodically. 

33. A method as described in claim 31, wherein the updating is performed 
over a finite field Z by: 

generating a random (k, m) sharing by each license authority / using a random 
update polynomial update(x), wherein: 

Aupdaiei^) = hi^ + - + ; and 

distributing a subshare Sij by each said license authority / such that each said 
license authority i has a respective said subshare Sij firom another said license authority 
wherein: 

the subshare iS,. J = fi^^pdateU) > 7 = l^"?^ is calculated by each said license 
authority /; 

the subshare Sij is added to the original share S^oi each said Hcense 
authority to form a new updated share 

5; =5, +1^5,,; and 

a new secret sharing polynomial fnew(x) is formed which is a summation of 
an original polynomial f(x) utilized to generate the plurality of partial licenses in 
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the first arrange and each of the randomly generated polynomials fi,up(iate(x)^ 

34. A content publisher comprising: 
a processor; and 

memory configured to maintain: 

a formal license that includes access rules and a decryption key for 
content; and 

a license module that is executable on the processor to form one or more 
transmissions that include data for configuring a plurality of license authorities 
such that: 

each said license authority provides one of a plurality of partial 
licenses; and 

the plurality of partial licenses are combinable to form the formal 

license. 

35. A content publisher as described in claim 34, wherein the plurahty of 
license authorities are configured to provide the plurality of partial licenses according to a 
(k, m) threshold secret sharing scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any k - \ ox fewer said partial licenses may not be utilized 
to form information included in the formal license. 
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36. A content publisher as described in claim 34, wherein: 
the configuring includes: 

generating a pre-license from the formal license by encrypting the formal 
license; and 

dividing an encryption key into a plurality of partial secret shares, wherein 
the encryption key is for decrypting the pre-license; and 

the one or more transmissions include the pre-license and the plurahty of partial 
secret shares such that each said license authority is configured to generate a respective 
said partial Ucense from a respective said partial secret share and the pre-license. 

37. A content publisher as described in claim 34, wherein the configuring 
includes transmitting the plurality of partial licenses to the plurality of license authorities 
such that each said license authority stores the respective said partial license. 

38. A digital rights management system comprising a peer-to-peer network 
having a plurality of nodes, wherein: 

one said node includes a license module that is executable to form one or more 
transmissions, wherein each said transmission includes a pre-license and a partial secret 
share of an encryption key utilized to encrypt the pre-license; 

at least two said nodes are each configured to generate a respective one of a 
plurality of partial licenses from a respective said partial secret share and the pre-license 
that is received from a respective said transmission; and 

a number k of the partial licenses are combinable to form a formal license that 
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includes an encryption key and access rules for accessing content. 

39. A digital rights management system as described in claim 38, wherein one 
or more said nodes provide the content. 

40. A digital rights management system as described in claim 38, wherein 
knowledge of any ^ - 1 or fewer of the partial licenses may not be utilized to form 
information included in the formal license. 

41. A digital rights management system comprising a peer-to-peer network 
having a plurality of nodes, wherein: 

at least two said nodes are each configured to provide at least one of a plurality of 
partial licenses; and 

one said node includes: 

a digital rights management module for forming a formal license from the 
plurality of partial licenses, wherein the formal license includes access rules and a 
decryption key for decrypting encrypted content; and 

a content player for outputting content that is accessed utilizing the formal 

license. 

42. A digital rights management system as described in claim 41, wherein the 
plurality of partial licenses are provided according to a (^, m) threshold secret sharing 
scheme in which: 
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a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any ^ - 1 or fewer said partial licenses may not be utilized 
to form information included in the formal license. 

43. A client device comprising: 
a processor; and 

memory configured to maintain: 

packaged content that includes one or more network addresses that are 
suitable for locating a plurality of license authorities, wherein each said license 
authority stores one or more partial licenses; 

a content player that is executable on the processor to output content; and 

a digital rights management module that is executable on the processor to: 
obtain the partial licenses from the plurality of license authorities 

utilizing the one or more network addresses; and 

form a formal license from the obtained partial Hcenses, wherein 

the formal license provides access to the packaged content for output by 

the content player. 

44. A client device as described in claim 43, wherein the digital rights 
management module that is executable on the processor to obtain the partial licenses by: 

examining the packaged content to find the one or more network addresses of the 
plurality of license authorities; 
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requesting one or more said partial licenses from each said license authority; and 
receiving one or more communications having the one or more partial licenses 
that are provided by each said license authority. 

45. A client device as described in claim 43, wherein the plurality of partial 
licenses are provided according to a {k, m) threshold secret sharing scheme in which: 

a number k said partial licenses are combinable to form the formal license; 

and 

knowledge of any k-\ or fewer said partial licenses may not be utilized 
to form information included in the formal license. 

46. A client device as described in claim 43, wherein the one or more network 
addresses include a proxy address for locating a network address of each said license 
authority. 

47. A client device as described in claim 43, wherein the one or more network 
addresses include a network address of each said license authority. 

48. A client device as described in claim 43, wherein the digital rights 
management module that is executable on the processor to: 

obtain the partial licenses from the plurality of license authorities, wherein each 
said license authority provide a respective said partial license over a finite field Z by: 

calculating the partial license preU by each said license authority idi from a 
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partial secret share S, and a pre-license prel according to the following equation: 

prel. = {prelf^ ; 

generating a random number u to calculate A/ = g^,A2= pref^ r — u-c^ 

Sty and 

c = hash {g^' yprel^ , y4, , ) ; and 
communicating the partial license preU^ Aj, A 2, and r by each said license 
authority; and 

the formal license is formed from the plurality of partial licenses by: 

determining if k correct partial licenses have been received by validating 
each said partial license preli by: 
calculating 

from public witnesses of a sharing polynomial's coefficients, which are 

denoted as that was utilized to generate the partial secret 

share 5„ where g e Z , 

applying c = hash {g^' , prel^ ^A^,A^) to calculate c; and 

checking ii g' -{g^'Y = A^ and preF {prel^Y = A^ hold for each 

said partial license prelim and if so, each said partial license preU is valid; 
and 

combining the plurality of partial licenses to form the formal license, 
denoted as license^ when k valid said partial licenses are obtained, in which: 
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= {prel)"'={ilicens4''y, 



where/„,(x)= -T-T 
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